1. Technical Field
The present invention relates to an improved data processing system and, in particular, to a method and apparatus for managing sessions in a client/server environment. Still more particularly, the present invention provides a method and apparatus for routing requests to application servers based on a hash of the session identification.
2. Description of Related Art
The worldwide network of computers commonly known as the “Internet” has seen explosive growth in the last several years. Mainly, this growth has been fueled by the introduction and widespread use of so-called “web browsers,” which enable simple graphical user interface-based access to network servers, which support documents formatted as so-called “web pages.” A browser is a program that is executed on a graphical user interface (GUI) in a client computer. The browser allows a user to seamlessly load documents from a server via the Internet and display them by means of the GUI. These documents are commonly formatted using markup language protocols, such as hypertext markup language (HTML).
The client and the web server typically communicate using hypertext transport protocol (HTTP). However, when a client is accessing sensitive information from a web server, a secure protocol may be used. Hypertext transport protocol secure (HTTPS) is the protocol for accessing a secure Web server. Using HTTPS in the uniform resource locator (URL) instead of HTTP directs the message to a secure port number rather than the default Web port number of 80. The session is then managed by a security protocol. Secure sockets layer (SSL) is the leading security protocol on the Internet. When an SSL session is started, the browser sends its public key to the server so that the server can securely send a secret key to the browser. The browser and server exchange data via secret key encryption during that session.
HTTP is a stateless protocol. Therefore, every request from an HTTP client to an HTTP server is a new request and no state is maintained between requests. Conventionally, HTTP cookies are used to maintain a client-side state whereas HTTP sessions are used to manage the state information on the server side. A cookie is data created by a web server that is stored on a client computer. A cookie is used to keep track of a user's patterns and preferences and, with the cooperation of the Web browser, is stored within the client computer. Cookies contain a range of URLs for which they are valid. When the browser encounters those URLs again, it sends the appropriate cookies to the Web server.
A session is used to track the activities of a user. For example, a session may be created to allow a user to add items to a “shopping cart” using a plurality of individual requests. A session may also allow a user to use a web interface to search a database. Web interfaces may also be used to control equipment from remote locations. As web interfaces become increasingly popular, the administration of sessions used to manage multiple transactions by individual clients becomes exceedingly important. Normally, an HTTP session is created on the server side. To associate a session with a user, a number, referred to as a session identification (ID), is generated and associated with the user. The session ID is sent back to the browser as a cookie or through a URL rewriting mechanism.
However, web sites with high traffic employ a plurality of application servers to serve requests. One or more web servers route requests to the application servers and attempt to balance the loads on the servers. Prior art application servers embed knowledge into a session ID to identify the application server upon subsequent requests. When a client submits a request with a session ID, the web server must then extract that knowledge from the session ID to route the request to the proper application server.
One manner in which the server identification is embedded into the session ID is to encode a server:port pair into the session ID. This technique provides load balancing, provided that the initial request was load balanced properly. A plurality, usually two, of server:port pairs may also be encoded into the session ID. Thus, if the first server is not functional, another server may fulfill the request. However, this technique requires that the servers encoded into the session ID share the session information. Conventionally, the session information is shared by replication between “server buddies.” As the number of servers encoded into the session ID increases, the amount of replication increases, using up more storage. The level of fault tolerance in this technique is limited to the number of server:port pairs encoded into the session ID.
Another manner in which the server identification is embedded into the session ID is to encode an index into the session ID. This technique provides load balancing, provided that the initial request was load balanced properly. This technique provides no fault tolerance, because if the indexed server encoded in the session ID is down, the session data is lost.
Embedding the application server identification also has the disadvantage of tying the application server code to the web server code. The web server must know the manner in which the server identification is encoded into the session ID to extract the server identification and route a request. Furthermore, the application servers do not efficiently share session data.
Therefore, it would be advantageous to have an improved method and apparatus for performing routing of requests to application servers independent of information embedded in the session identification.
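The contrast between embedded-server routing and routing on a hash of the session ID, as an added example that is not part of the patent text. The session ID layout, the host:port values, the use of SHA-256 and the next-slot probing on failure are all assumptions made for illustration.

```python
import hashlib

# Constructed topology: these host:port values are placeholders for the example.
SERVERS = ["app1:9080", "app2:9080", "app3:9080"]

def parse_embedded(session_id):
    """Assumed layout '<random>.<server:port>[,<server:port>]'; the web server
    must know this layout, which is the coupling described above."""
    _, _, tail = session_id.partition(".")
    return [pair for pair in tail.split(",") if pair]

def route_embedded(session_id, up):
    """Embedded-pair routing: try each encoded server in order."""
    for target in parse_embedded(session_id):
        if target in up:
            return target
    return None  # every encoded server is down, so the session is unreachable

def route_by_hash(session_id, servers, up):
    """Hash routing: the ID stays opaque and the web server needs no decoder.
    Probing the next slot when a server is down is an assumption of this
    example, and only helps if that server can load the session data."""
    digest = hashlib.sha256(session_id.encode("utf-8")).digest()
    start = int.from_bytes(digest[:8], "big") % len(servers)
    for step in range(len(servers)):
        target = servers[(start + step) % len(servers)]
        if target in up:
            return target
    return None

if __name__ == "__main__":
    sid = "a1b2c3d4.app1:9080,app2:9080"  # constructed session ID
    for up in (set(SERVERS), {"app2:9080", "app3:9080"}, {"app3:9080"}):
        print(sorted(up), route_embedded(sid, up), route_by_hash(sid, SERVERS, up))
```

With only the third server up, the embedded-pair router returns nothing because neither encoded pair is reachable, which is the fault-tolerance limit described above; the hash router does not depend on anything written into the ID.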